Organizations expose critical business data and users' private data through APIs, so every API must be protected against unauthorized access, attacks and security breaches. In this blog I am not going to discuss API security mechanisms in general. Here I want to detail how API authentication can be separated from the underlying RESTful API.
Authentication and authorization are cross-cutting concerns and must be decoupled from business logic. In this post I am going to discuss Spray's `authenticate` directive, which handles authentication/authorization in a decoupled way.
From Spray's documentation:
“Directives” are small building blocks of which you can construct arbitrarily complex route structures.
A directive does one or more of the following:
- Transform the incoming RequestContext before passing it on to its inner Route
- Filter the RequestContext according to some logic, i.e. only pass on certain requests and reject all others
- Extract values from the RequestContext and make them available to…
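As an added example (not code from the original post or from the Spray project), the following route shows the decoupling described above: the `authenticate` directive with `BasicAuth` extracts an authenticated principal, `authorize` filters on its roles, and the inner business routes receive the principal as a plain value without knowing how it was obtained. It assumes spray-routing 1.x on the classpath; `Principal`, `SecuredApi` and the in-memory `users` map are constructed stand-ins, and a real backend would verify a salted password hash rather than a stored plaintext.

```scala
import spray.routing.Directives._
import spray.routing.Route
import spray.routing.authentication.{BasicAuth, UserPass}
import scala.concurrent.Future
import scala.concurrent.ExecutionContext.Implicits.global

object SecuredApi {

  // Authenticated identity handed to the inner route; roles drive authorization.
  case class Principal(name: String, roles: Set[String])

  // Constructed in-memory credential store (plaintext only for the demo).
  private val users: Map[String, (String, Set[String])] = Map(
    "alice" -> ("s3cret", Set("reader", "admin")),
    "bob"   -> ("hunter2", Set("reader"))
  )

  // Length-independent comparison so a wrong password does not leak timing.
  private def constantTimeEquals(a: String, b: String): Boolean =
    java.security.MessageDigest.isEqual(a.getBytes("UTF-8"), b.getBytes("UTF-8"))

  // A UserPassAuthenticator[Principal]: Option[UserPass] => Future[Option[Principal]].
  // BasicAuth calls it with None when the request carries no Authorization header;
  // returning None makes Spray reject the request (401 with WWW-Authenticate).
  def authenticator(userPass: Option[UserPass]): Future[Option[Principal]] = Future {
    userPass.flatMap { up =>
      users.get(up.user).collect {
        case (expected, roles) if constantTimeEquals(expected, up.pass) =>
          Principal(up.user, roles)
      }
    }
  }

  // Business routes: they only see a Principal, never credentials or headers.
  def reportRoute(p: Principal): Route = path("reports") {
    get { complete(s"reports visible to ${p.name}") }
  }

  def adminRoute(p: Principal): Route = path("admin") {
    // authorize filters the RequestContext; a false check yields a 403 rejection.
    authorize(p.roles.contains("admin")) {
      get { complete(s"admin console for ${p.name}") }
    }
  }

  // The cross-cutting concern lives in one place: authenticate wraps the whole tree.
  val securedRoute: Route =
    authenticate(BasicAuth(authenticator _, realm = "secure api")) { principal =>
      reportRoute(principal) ~ adminRoute(principal)
    }
}
```

Mount `SecuredApi.securedRoute` inside any `HttpService` actor. Because the authenticator is a plain function, it can be swapped for a token or database-backed check without touching `reportRoute` or `adminRoute`, which is the separation the post argues for.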